Source code for tcms.utils.github

# Copyright (c) 2019 Alexander Todorov <atodorov@MrSenko.com>

import hashlib
import hmac

from django.http import HttpResponseForbidden


[docs]def calculate_signature(secret, contents): """ Calculate GitHub signature header. WARNING: both parameters must be bytes, not string! """ return "sha1=" + hmac.new(secret, msg=contents, digestmod=hashlib.sha1).hexdigest()
[docs]def verify_signature(request, secret): """ Verifies request comes from GitHub, see: https://developer.github.com/webhooks/securing/ """ signature = request.headers.get("X-Hub-Signature", None) if not signature: return HttpResponseForbidden() expected = calculate_signature(secret, request.body) # due to security reasons do not use '==' operator # https://docs.python.org/3/library/hmac.html#hmac.compare_digest if not hmac.compare_digest(signature, expected): return HttpResponseForbidden() return True # b/c of inconsistent-return-statements